System and method for identifying and assessing vulnerabilities on a mobile communications device
Abstract
The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device. The server may provide an interface for an administrator to manage the system and respond to security issues.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method comprising:
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;
b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication communications device;
c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information accessed from the data storage to generate a first set of result information; and,
d) transmitting, by the at least one server to the mobile communications device, a first subset of the first set of result information, an amount of the first set of result information included in the first subset of result information being determined by a setting provided to the server by an input from an administrator, and the first subset of result information including instructions for remediating at least one vulnerability of the mobile communications device.
2. The method of claim 1 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication communications device.
3. The method of claim 1 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
4. The method of claim 1 , further comprising the step of:
e) transmitting, by the at least one server to the mobile communication communications device, a notification about the first set of result information.
5. The method of claim 4 , wherein the notification includes an instruction related to the first set of result information.
6. The method of claim 1 , further comprising the steps of:
e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;
f) after the step of transmitting, by the at least one server, the first set subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communications device, a second subset of the second set of result information, an amount of the second set of result information included in the second subset of result information being determined by the setting provided to the server by the input from the administrator.
7. The method of claim 1 , further comprising the steps of:
e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information;
f) after the step of transmitting, by the at least one server, the first set subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communication communications device, a notification about the second set of result information.
8. The method of claim 1 , further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) after the step of transmitting, by the at least one server, the first set subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server, the second set of result information.
9. The method of claim 1 , further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) after the step of transmitting, by the at least one server, the first set subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communication communications device, a notification about the second set of result information.
10. A method comprising:
a) transmitting, from a mobile communication communications device, a set of vulnerability identification information to at least one server that accesses a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities; and,
b) receiving, at the mobile communication communications device from the at least one server, a subset of a first set of result information that correlates to, wherein the first set of result information is generated by correlating the transmitted set of vulnerability identification information to at least one of the plurality of sets of vulnerability information stored on the data storage, and wherein an amount of the first set of result information included in the subset of result information being determined by a setting provided to the server by an input from an administrator, and wherein the subset of result information includes instructions for remediating at least one vulnerability of the mobile communications device.
11. The method of claim 10 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication communications device.
12. The method of claim 10 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
13. The method of claim 10 , further comprising the step of:
c) receiving, at the mobile communication communications device from the at least one server, a notification about the first set of result information.
14. The method of claim 13 , wherein the notification includes an instruction related to the first set of result information.
15. The method of claim 13 , further comprising the step of:
d) displaying, on the mobile communication communications device, at least a portion of the received notification.
16. The method of claim 10 , further comprising the step of:
c) receiving, at the mobile communication communications device from the at least one server, a notification about a second set of result information.
17. A method comprising:
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;
b) receiving, at the at least one server, a first set of vulnerability identification information about a first mobile communication communications device;
c) correlating, by the at least one server, the first set of vulnerability identification information to at least one of the plurality of sets of vulnerability information accessed from the data storage to generate a first set of result information; and,
d) transmitting, by the at least one server to the mobile communications device, a first subset of the first set of result information, an amount of the first set of result information included in the first subset of result information being determined by a setting provided to the server by an input from an administrator, and the first subset of result information including instructions for remediating at least one vulnerability of the mobile communications device;
e) receiving, at the at least one server, a second set of vulnerability identification information about a second mobile communication communications device, wherein the second set of vulnerability identification information differs from the first set of vulnerability identification information;
f) correlating, by the at least one server, the second set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communications device, a second subset of the second set of result information, an amount of the second set of result information included in the second subset of result information being determined by the setting provided to the server by the input from the administrator.
18. The method of claim 17 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication communications device.
19. The method of claim 17 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
20. A system comprising:
a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;
a server for accessing the data storage, for receiving one or more sets of vulnerability identification information about one or more mobile communication communications devices, for correlating the one or more sets of received vulnerability identification information to at least one of the plurality of sets of vulnerability information accessed from the data storage to generate one or more sets of result information, for transmitting one or more subsets of the one or more sets of result information, and for transmitting one or more notifications about the one or more sets of result information, wherein an amount of the one or more sets of result information included in the one or more subsets of result information is determined by a setting provided to the server by an input from an administrator, and wherein at least one of the one or more subsets of result information includes instructions for remediating at least one vulnerability of the mobile communication device; and,
a network connecting the at least one server, data storage, and the plurality of one or more mobile communication communications devices.
21. The system of claim 20 , further comprising a user interface for monitoring the plurality of one or more mobile communication communications devices to identify which of the plurality of one or more mobile communication communications devices is vulnerable.
22. The system of claim 20 , wherein vulnerability information is information selected from the group consisting of a name, a description, one or more remediation instructions, a severity rating, a security impact summary, and one or more criteria for being vulnerable.
23. A method comprising:
a) providing at least one server that accesses a data storage storing a plurality of sets of vulnerability information, the vulnerability information including descriptions of known vulnerabilities;
b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communication communications device;
c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information accessed from the data storage to generate a first set of result information; and,
d) transmitting, by the at least one server to the mobile communication communications device, a first subset of the first set of result information and a notification about the first subset of the first set of result information, wherein an amount of the first set of result information included in the first subset of result information is determined by a setting provided to the server by an input from an administrator, and wherein the first subset of result information includes instructions for remediating at least one vulnerability of the mobile communications device.
24. The method of claim 23 , wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communication communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communication communications device.
25. The method of claim 23 , wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
26. The method of claim 23 , further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communications device, a second subset of the second set of result information, an amount of the second set of result information included in the second subset of result information being determined by the setting provided to the server by the input from the administrator.
27. The method of claim 23 , further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information;
f) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and,
g) transmitting, by the at least one server to the mobile communication communications device, a notification about the second set of result information.
28. A method comprising:
a) storing a plurality of sets of vulnerability information on a data storage accessible by at least one server, the vulnerability information including descriptions of known vulnerabilities; b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communications device; c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information accessed from the data storage to generate a first set of result information; and d) transmitting, by the at least one server to the mobile communications device, a first subset of the first set of result information, an amount of the first set of result information included in the first subset of result information being determined by a setting provided to the server by an input from an administrator, and the first subset of result information including instructions for remediating at least one vulnerability of the mobile communications device.
29. The method of claim 28, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communications device.
30. The method of claim 28, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
31. The method of claim 28, further comprising the step of:
e) transmitting, by the at least one server to the mobile communications device, a notification about the first set of result information.
32. The method of claim 31, wherein the notification includes an instruction related to the first set of result information.
33. The method of claim 28, further comprising the steps of:
e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information; f) after the step of transmitting, by the at least one server, the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and, g) transmitting, by the at least one server to the mobile communications device, a second subset of the second set of result information, an amount of the second set of result information included in the second subset of result information being determined by the setting provided to the server by the input from the administrator.
34. The method of claim 28, further comprising the steps of:
e) updating at least one of the plurality of sets of vulnerability information on the data storage to form a plurality of updated sets of vulnerability information; f) after the step of transmitting, by the at least one server, the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the plurality of updated sets of vulnerability information to generate a second set of result information; and, g) transmitting, by the at least one server to the mobile communications device, a notification about the second set of result information.
35. The method of claim 28, further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information; f) after the step of transmitting, by the at least one server, the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and, g) transmitting, by the at least one server, the second set of result information.
36. The method of claim 28, further comprising the steps of:
e) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information; f) after the step of transmitting, by the at least one server, the first subset of result information, correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and, g) transmitting, by the at least one server to the mobile communications device, a notification about the second set of result information.
37. A method comprising:
a) storing a plurality of sets of vulnerability information on a data storage accessible by at least one server, the vulnerability information including descriptions of known vulnerabilities; b) receiving, at the at least one server, a first set of vulnerability identification information about a first mobile communications device; c) correlating, by the at least one server, the first set of vulnerability identification information to at least one of the plurality of sets of vulnerability information accessed from the data storage to generate a first set of result information; d) transmitting, by the at least one server to the first mobile communications device, a first subset of the first set of result information, an amount of the first set of result information included in the first subset of result information being limited by a setting specified by an administrator, and the first subset of result information including instructions for remediating at least one vulnerability of the mobile communications device; e) receiving, at the at least one server, a second set of vulnerability identification information about a second mobile communications device, wherein the second set of vulnerability identification information differs from the first set of vulnerability identification information; f) correlating, by the at least one server, the second set of vulnerability identification information to at least one of the plurality of sets of vulnerability information to generate a second set of result information; and, g) transmitting, by the at least one server to the second mobile communications device, a second subset of the second set of result information, an amount of the second set of result information included in the second subset of result information being determined by the setting provided to the server by the input from the administrator.
38. The method of claim 37, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communications device.
39. The method of claim 37, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
40. A method comprising:
a) storing a plurality of sets of vulnerability information on a data storage accessible by at least one server, the vulnerability information including descriptions of known vulnerabilities; b) receiving, at the at least one server, a set of vulnerability identification information about a mobile communications device; c) correlating, by the at least one server, the received set of vulnerability identification information to at least one of the plurality of sets of vulnerability information accessed from the data storage to generate a first set of result information; d) transmitting, by the at least one server to the mobile communications device, a notification about the first set of result information; and e) transmitting, by the at least one server to the mobile communications device, a first subset of the first set of result information, the first subset of result information being selected from the first set of result information based on a determined vulnerability risk of each item of the result information, and the first subset of result information including instructions for remediating at least one vulnerability of the mobile communications device.
41. The method of claim 40, wherein the vulnerability identification information is information selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communications device, hardware information, a list of files, a list of software components, a list of libraries, and a list of software applications on the mobile communications device.
42. The method of claim 40, wherein vulnerability information is information selected from the group consisting of a name, a description, a remediation instruction, a severity rating, a security impact summary, and a criterion for being vulnerable.
43. The method of claim 40, further comprising the steps of:
f) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information; g) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and, h) transmitting, by the at least one server to the mobile communications device, a second subset of the second set of result information, the second subset of result information being selected from the second set of result information based on a determined vulnerability risk of each item of the result information.
44. The method of claim 40, further comprising the steps of:
f) receiving, at the data storage, a new set of vulnerability information to form an updated plurality of sets of vulnerability information; g) correlating, by the at least one server, the received set of vulnerability identification information to the updated plurality of sets of vulnerability information to generate a second set of result information; and, h) transmitting, by the at least one server to the mobile communications device, a notification about the second set of result information.
45. A method comprising:
a) storing a plurality of sets of vulnerability information on a data storage accessible by a server, the vulnerability information including descriptions of known vulnerabilities; b) receiving, at the server a plurality of sets of vulnerability identification information about a plurality of mobile communications devices, each vulnerability identification information set associated with a single mobile communications device; c) correlating, by the server, the received plurality of vulnerability identification information sets to the stored plurality of vulnerability information accessed from the data storage to generate a plurality of sets of assessment result information; d) transmitting the plurality of sets of assessment result information for display on a management console; and e) transmitting, by the server to each of the plurality of mobile communications devices, a subset of a corresponding set of assessment result information, the subset being selected from the corresponding set of assessment result information based on a determined vulnerability risk of each item of the corresponding assessment result information, and the subset including instructions for remediating at least one vulnerability of the plurality of mobile communications devices.
46. The method of claim 45 further comprising the steps of:
at the server, receiving from an administrator for the plurality of mobile communications devices configuration instructions for the correlating and transmitting steps.
47. The method of claim 46 wherein the configuration instructions are selected from the group consisting of custom triggers for transmission of the plurality of sets of assessment result information to the management console, the time period the server waits before transmitting the plurality of sets of assessment result information, the email address where the plurality of sets of assessment result information should be sent, and the type of service that the server should use to transmit the plurality of sets of assessment result information.
48. The method of claim 45 wherein the set of vulnerability information about the mobile communications device is selected from the group of information consisting of weaknesses in the mobile communications device's operating system, other software or hardware flaws in the mobile communications device, protocol implementation or specification flaws in the mobile communications device, misconfiguration of the mobile communications device, software applications installed or stored on the mobile communications device, services provided through, to or by the mobile communications device, the presence of Bluetooth, infrared or Internet capabilities on the mobile communications device, and weaknesses in the mobile communications device's interaction with, flaws in, or misconfiguration of text messaging, voice mail, and telephony.
49. A method comprising:
a) on a server accessing data storage containing a plurality of sets of vulnerability criteria, the vulnerability criteria including descriptions of known vulnerabilities, receiving a set of vulnerability identification information from a mobile communications device; b) at the server, correlating the received set of vulnerability identification information to the stored plurality of sets of vulnerability criteria to determine if there is a partial match between the received set and at least one of the plurality of stored sets of vulnerability criteria accessed from the data storage, and to generate a set of result information; and c) when the server determines there is a partial match between the received set and at least one of the plurality of stored sets of vulnerability criteria, transmitting by the server to the mobile communications device a subset of the set of result information related to the vulnerability criteria, the subset of result information being selected from the set of result information based on a determined vulnerability risk of each item of the result information, and the subset of result information including instructions for remediating at least one vulnerability of the mobile communications device.
50. The method of claim 49 wherein the vulnerability identification information is selected from the group consisting of an operating system type, an operating system version, a firmware version, a device model, carrier information, authentication information, user information, configuration information for the mobile communications device, hardware information, and a list of software applications running on the mobile communications device, and combinations thereof.
51. The method of claim 49 wherein the set of vulnerability information about the mobile communications device is selected from the group of information consisting of weaknesses in the mobile communications device's operating system, other software or hardware flaws in the mobile communications device, protocol implementation or specification flaws in the mobile communications device, misconfiguration of the mobile communications device, software applications installed or stored on the mobile communications device, services provided through, to or by the mobile communications device, the presence of Bluetooth, infrared or Internet capabilities on the mobile communications device, and weaknesses in the mobile communications device's interaction with, flaws in, or misconfiguration of text messaging, voice mail, and telephony.
52. A method comprising:
a) storing a plurality of sets of vulnerability information on a data storage accessible by a server, the vulnerability information including descriptions of known vulnerabilities; b) receiving, at the server, a first set of vulnerability identification information about a mobile communications device; c) correlating, by the server, the received set of vulnerability identification information to the plurality of sets of vulnerability information accessed from the data storage to generate a first set of result information; d) transmitting to the mobile communications device, by the server, a first subset of the first set of result information and a request for a second set of vulnerability identification information about the mobile communications device, wherein the first subset of result information is selected from the first set of result information based on a determined vulnerability risk of each item of the result information, and wherein the first subset of result information includes instructions for remediating at least one vulnerability of the mobile communications device; e) receiving at the server the requested second set of vulnerability identification information; f) correlating, by the server, the received second set of vulnerability identification information to the plurality of sets of vulnerability information to generate a second set of result information; and d) transmitting to the mobile communications device, by the server, a second subset of the second set of result information, wherein the second subset of result information is selected from the second set of result information based on the determined vulnerability risk of each item of the result information.
53. The method of claim 52, further comprising the step of:
e) transmitting by the server to the mobile communications device, a notification about the second set of result information.
54. The method of claim 52, wherein the notification includes an instruction related to the second set of result information.
55. The method of claim 52 wherein the set of vulnerability information about the mobile communications device is selected from the group of information consisting of weaknesses in the mobile communications device's operating system, other software or hardware flaws in the mobile communications device, protocol implementation or specification flaws in the mobile communications device, misconfiguration of the mobile communications device, software applications installed or stored on the mobile communications device, services provided through, to or by the mobile communications device, the presence of Bluetooth, infrared or Internet capabilities on the mobile communications device, and weaknesses in the mobile communications device's interaction with, flaws in, or misconfiguration of text messaging, voice mail, and telephony.
56. A method comprising:
a) receiving at a mobile communications device from a server a first set of vulnerability information about the mobile communications device, the first set of vulnerability information being accessed from a data storage device of the server, the vulnerability information including descriptions of known vulnerabilities, an amount of information included in the first set of vulnerability information being determined by a setting provided to the server by an input from an administrator; and b) correlating by the mobile communications device the received first set of vulnerability information to a set of vulnerability identification information about the mobile communications device to determine whether the received vulnerability information is relevant to the mobile communications device to generate a first set of vulnerability result information, the first set of vulnerability result information including instructions for remediating at least one vulnerability of the mobile communications device.
57. The method of claim 56 further comprising the steps of:
transmitting, from the mobile communications device to the server, a set of vulnerability identification information about the mobile communications device; and at the mobile communications device, receiving from the server a second set of vulnerability result information generated by the server, an amount of information included in second set of vulnerability information being determined by the setting provided to the server by the input from the administrator.
58. The method of claim 56 wherein the first set of vulnerability information received from the server is based upon the mobile communications device operating system.
59. The method of claim 56 wherein the set of vulnerability information about the mobile communications device is selected from the group of information consisting of weaknesses in the mobile communications device's operating system, other software or hardware flaws in the mobile communications device, protocol implementation or specification flaws in the mobile communications device, misconfiguration of the mobile communications device, software applications installed or stored on the mobile communications device, services provided through, to or by the mobile communications device, the presence of Bluetooth, infrared or Internet capabilities on the mobile communications device, and weaknesses in the mobile communications device's interaction with, flaws in, or misconfiguration of text messaging, voice mail, and telephony.
60. A method comprising:
a) at a server, determining whether a vulnerability of a mobile communications device exceeds a threshold level based on a prioritized list of vulnerability risks; b) at a server, determining that the mobile communications device requires remediation when the vulnerability is determined to exceed the threshold level; c) at the server, transmitting instructions to the mobile communications device to remediate the vulnerability of the mobile communications device determined to exceed the threshold level; d) at the server, determining whether a remediation confirmation has been received from the mobile communications device in response to the transmitted instructions within a preset time period; and e) when the server determines that the remediation confirmation has not been received within the preset time period, taking, at the server, an action step to facilitate remediating the determined vulnerability.
61. The method of claim 60 wherein the action step is selected from the group of actions consisting of notifying an administrator of the mobile communications device about the determined vulnerability, disabling the mobile communications device, disabling the mobile communications device such that an administrator of the mobile communications device must verify that the determined vulnerability has been remediated before the mobile communications device can be used again, and notifying the user of the mobile communications device via email or text that the mobile communications device has been determined vulnerable.
62. The method of claim 60 wherein the set of vulnerability information about the mobile communications device is selected from the group of information consisting of weaknesses in the mobile communications device's operating system, other software or hardware flaws in the mobile communications device, protocol implementation or specification flaws in the mobile communications device, misconfiguration of the mobile communications device, software applications installed or stored on the mobile communications device, services provided through, to or by the mobile communications device, the presence of Bluetooth, infrared or Internet capabilities on the mobile communications device, and weaknesses in the mobile communications device's interaction with, flaws in, or misconfiguration of text messaging, voice mail, and telephony.
63. A method comprising:
storing, in a data store accessible by a server, vulnerability information based on applications available for installation on mobile communications devices, the vulnerability information including descriptions of known vulnerabilities; receiving, at the server, first information and second information from a mobile communications device, wherein the first information identifies an application downloaded to the mobile communications device, and the second information identifies an operating system of the mobile communications device; analyzing, at the server, the stored vulnerability information, and the first and second information; based on the analysis, making a vulnerability assessment; transmitting a subset of the vulnerability assessment from the server to the mobile communications device, the subset of the vulnerability assessment being selected from the vulnerability assessment based on a determined vulnerability risk of each item of the vulnerability assessment; and based on the vulnerability assessment, transmitting from the server to the mobile communications device instructions for remediating at least one vulnerability of the mobile communications device.
64. The method of claim 63 wherein the set of vulnerability information about the mobile communications device is selected from the group of information consisting of weaknesses in the mobile communications device's operating system, other software or hardware flaws in the mobile communications device, protocol implementation or specification flaws in the mobile communications device, misconfiguration of the mobile communications device, software applications installed or stored on the mobile communications device, services provided through, to or by the mobile communications device, the presence of Bluetooth, infrared or Internet capabilities on the mobile communications device, and weaknesses in the mobile communications device's interaction with, flaws in, or misconfiguration of text messaging, voice mail, and telephony.
65. The method of claim 63 wherein the mobile communications device displays the first subset of the vulnerability assessment on the mobile communications device using an icon whose image changes depending upon the content of the first set of vulnerability assessment.
66. A method:
a) on a mobile communications device, transmitting vulnerability identification information to a server; and b) on the mobile communications device, receiving a first subset of a first set of vulnerability result information from the server, wherein the first set of vulnerability result information is generated based on a correlation between the transmitted vulnerability identification information and at least one of a plurality of sets of vulnerability information accessed from a data storage device of the server, the vulnerability information including descriptions of known vulnerabilities, and wherein the first subset of vulnerability result information is selected from the first set of vulnerability result information based on a determined vulnerability risk of each item of the vulnerability result information, and wherein the first subset of vulnerability result information includes instructions for remediating at least one vulnerability of the mobile communications device.
67. The method of claim 66 wherein the first subset of vulnerability result information is used by the mobile communications device to generate a display on the mobile communications device.
68. The method of claim 67 wherein the display generated using the first subset of vulnerability result information on the mobile communications device displays an icon whose image changes depending upon the content of the first subset of vulnerability result information.
69. A method comprising:
at an administrator server in communication with a plurality of mobile communications devices, receiving a plurality of sets of vulnerability result information, each set associated with one of the plurality of mobile communications devices, wherein the plurality of sets of vulnerability result information is generated based on correlating, for each of the plurality of mobile communications devices, a received set of vulnerability identification information to at least one of a plurality of sets of vulnerability information accessed from a data storage of the administrator server, the vulnerability information including descriptions of known vulnerabilities; at the administrator server, based upon the received plurality of sets of vulnerability result information, performing actions directed to the mobile communications devices identified in the sets of vulnerability result information as having vulnerabilities; and at the administrator server, based upon the received plurality of sets of vulnerability result information, transmitting to each of the plurality of mobile communications devices identified in the sets of vulnerability result information as having vulnerabilities, a subset of a corresponding set of vulnerability result information, the subset being selected from the corresponding set of vulnerability result information based on a determined vulnerability risk of each item of the corresponding vulnerability result information, and the subset of the corresponding set of vulnerability result information including instructions for remediating at least one vulnerability of the mobile communications device.
70. The method of claim 69 wherein the actions are selected from the group of actions consisting of notifying the user of the mobile communications device about the vulnerability via push notification, text message, or email, disabling the mobile communications device, and disabling the ability of the mobile communications device to access a service.
71. The method of claim 69 wherein the administrator server accesses data storage containing a plurality of sets of vulnerability identification information, each set associated with one of the plurality of mobile communications devices, and wherein the actions performed are based upon a priority of vulnerabilities set according to the plurality of sets of vulnerability identification information.
72. The method of claim 69 wherein the set of vulnerability information about the mobile communications device is selected from the group of information consisting of weaknesses in the mobile communications device's operating system, other software or hardware flaws in the mobile communications device, protocol implementation or specification flaws in the mobile communications device, misconfiguration of the mobile communications device, software applications installed or stored on the mobile communications device, services provided through, to or by the mobile communications device, the presence of Bluetooth, infrared or Internet capabilities on the mobile communications device, and weaknesses in the mobile communications device's interaction with, flaws in, or misconfiguration of text messaging, voice mail, and telephony.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.